Skip to main content
All CollectionsAPI
Drata Open API: Get All Controls
Drata Open API: Get All Controls

This article shows how to retrieve all controls from Drata.

Harrison Krat avatar
Written by Harrison Krat
Updated over a week ago


The Drata Open API allows you to pull control records from Drata to review all of the control data in a single document. You can leverage the available GET endpoint to automate a bulk export of control data from Drata.


  • See our full API developer documentation at

  • See this help article on how to generate an API key. The full API key will only be shown once when you create the key. You will not be able to access it again. Scope the key for read access of the events data entity.

  • A rate limit of 500 requests / minute will be enforced per unique source IP.

  • Identify the query parameters by which you would like to filter controls.

  • The bulk get request aggregates all of the data entities and prints the raw data to a .json file.

  • We recommend using a formatting tool to format the .json for readability.

  • This request is made in sets of 50 items by default; adjust the request as needed.


Bulk download control data in a .json file

  1. Create a directory for development of scripts for Drata

  2. Run npm i node-fetch in terminal (npm fetch)

  3. Run npm i lodash in terminal (npm lodash)

  4. Add "type": "module” to package.json in order for this script to run, due to the use of “import”

  5. Optional: dotenv to import the API key from environment variables, else write the API key strings in the code samples below, run npm i dotenv (npm dotenv)

This script is intended to serve as an example template. You will need to configure your local environment and adjust the code to fit your specific use case.

import fetch from 'node-fetch';
import * as dotenv from 'dotenv';
import _, { isEmpty } from 'lodash';
import * as fs from 'fs';


async function run() {
let page = 1;
let totalReviewed = 0;
let totalRecords = 0;
const allControls = [];
const limit = 50;

do {
const query = new URLSearchParams({
page: page,
limit: limit,
let controlData;
try {
const resp = await fetch(
method: 'GET',
headers: {
Authorization: `Bearer ${process.env.API_KEY}`
controlData = await resp.json();
} catch (e) {
controlData = _.get(controlData, 'total');
const controls = _.get(controlData, 'data');
totalReviewed += controls.length
} while (totalReviewed < totalRecords)

if (!isEmpty(allControls)) {
fs.writeFile('drata-controls.json', JSON.stringify(allControls), (err) => {
if (err)
else {
console.log('File written successfully\n');
} else {
console.log('No data found, adjust get request parameters\n');

Did this answer your question?